Your Needs Are First with Us.

Menu

Quicktime

[tweetmeme source=”franscomputerservices” only_single=false]There is a ‘supposedly new’ threat on the horizon for Windows XP users, and more so on multi-core systems called KHOBE (Kernel HOok Bypassing Engine).

Although this is a threat, it is not a new threat — in fact, this type of thing has been a threat to computing since 1998 when it was written about in PDF format: RaceConditions.pdf, and in 1996 in this PDF: racecond.pdf and many times since then in articles online about TOCTOU (noted below in this posting).

However, let’s look at this objectively. First this is not the first, last or only situation that has or will arise. Race Conditions as noted above have been created by TOCTOU (Time of check to time of use) situations since the dawn of computing and yes, they are not easy to test for in all situations/hardware prior to release of software/Operating Systems, but these types of conditions have been a potential threat for a very long time in all kinds of software.

A time-of-check-to-time-of-use bug (TOCTTOU − pronounced “TOCK too”) is a software bug caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check. It is a kind of race condition.

So, why the fuss now? Windows 7 is basically claimed to be immune — by its omission in the ‘affected Windows Operating Systems’ list. Apparently only Windows XP (ONLY about 60% of Windows users –eeek! — per Adrian Kingsley-Hughes article above), or earlier Windows OSes are affected and in this particular case, and then only by security software that use the KHOBE (Kernel HOok Bypassing Engine).

Because KHOBE is not really a way that hackers can avoid detection and get their malware installed on your computer. What Matousec describes is a way of “doing something extra” if the bad guys’ malicious code manages to get past your anti-virus software in the first place.

In other words, KHOBE is only an issue if anti-virus products such as Sophos (and many others) miss the malware. And that’s one of the reasons, of course, why we – and to their credit other vendors – offer a layered approach using a variety of protection technologies.

The security panic of the week is the widely-reported story of a “vulnerability” called KHOBE. One news headline goes so far as to announce that this “new attack bypasses virtually all AV protection”.

I disagree.

The sample “attack”, which claims to be an 8.0 earthquake for desktop security software, describes a way in which the tamper protection implemented by some anti-malware products might potentially be bypassed. Assuming you can get your malicious code past the anti-malware product in the first place, of course.

Much more in his blog entry. All of these links are must read if you wish to understand as much as is possible what the real threat is.

So, given all this, is the game over on security software because this is now disclosed to be possible (READ: it was always possible) — at least till they figure out how to prevent Race Conditions in security software?

Hardly. But due to the release of the information, this situation may make life interesting security-wise for Windows XP users (earlier Windows OSes like Win2K, Win98, WinME, WinNT shouldn’t even be on the net at this point for many reasons, the least of which is this situation).

So, if you are a Windows user what can you do in the meantime?

Keep your systems up to date

Make sure you have a hardware NAT or SPI Firewall/Router on your local network, and a software firewall in place and working properly and updated (if it’s a third party firewall – Windows Firewall is updated with your Windows Updates)

Run your CCleaner (or other Temporary Files/Temporary Internet Files cleaner program) frequently (I actually run mine several times a day) – Fully close any browsers before running your ‘cleaner’ and then re-open it as needed after you run the ‘cleaner’

Make sure your antivirus software is updating as it should and doing its scheduled scans

Update and Run any cleaner software and secondary anti-malware programs (like Malwarebytes Anti-malware) at least once a week or more often and immediately if something seems odd on your computer

Don’t open suspicious emails, even from known senders

Be careful where you go on the Internet. Even some legitimate sites have been hacked

Be careful about links and friends on Facebook (if you haven’t deactivated your account yet), Twitter, LinkedIn, and other Web 2.0/dynamic Social Networking sites.

In short, do what you should always be doing to keep yourself safe. Because this isn’t over. It was always a possibility whether we were aware or not, and it will likely be a possibility for a long time to come.

You might also consider installing a preventative program like BillP’s WinPatrol on your system to make you aware of potential changes to your system. *See EDIT below for a note from BillP about WinPatrol and kernel hooks.

And as I noted earlier, the focus of this issue, at this time, is apparently Windows XP, but any operating system is vulnerable to this type of attack and always has been — and that is not likely going to change any time soon.

EDIT: Added the following comment from BillP who developed WinPatrol:

* Thanks! I’m honored by the mention.
It’s a great topic and mentioning WinPatrol is appropriate since I don’t use any kernel hooking to detect changes. Thumbs Up!

[tweetmeme source=”franscomputerservices” only_single=false]Finally getting back to this blog! Sheesh, time sure gets away from ya!

iPad

The iPad looks great! But…

Why couldn’t Apple have done a Mac OS X tablet! Mac OS X which really does just work but is still much more open than iPhone OS. I absolutely love my Mac, and I love my iPod Touch, but I wouldn’t want my iPod Touch’s iPhone OS on my Mac!

Apple’s new iPad coming soon and already introduced by Steve Jobs in the Keynote; but it is basically a tablet in the form of a larger iPod Touch. Including no Flash player still (but can you blame Apple for not including Flash – yes and no LOL!)? Also, apparently, including still only allowing single apps to run at a time?

Also playing games with eBooks and their customers and retailers, and basically saying that their fiddling will only mean that all eBooks will be the same price (albeit Apple’s higher pricing worked out by playing games with the publishers) — kinda a reversal of what they did with the music labels, by the way.

EDIT (added this paragraph): Speaking of single apps only at a time like the iPhone OS … I remember the Windows 7 Starter on netbooks which restricted users to 3 concurrent apps at a time and people were very upset about it. (Thanks to @Blair_42 for reminding me about it. We talked about this on the JimmyLee and Bambi Show Saturday night on CNIRadio, or JimmyLee and I talked about it before the show…will have to go back and listen to the show to be sure LOL!)

… all instead of a Mac OS X tablet that would be able to do so much more, and be more open than the TOTALLY closed environment of the iPhone OS.

Don’t get me wrong, I love my iPod Touch, but it is not the venue I would want for a tablet computer.

Microsoft released thirteen security bulletins addressing twenty-six vulnerabilities. Windows is affected by eleven of the bulletins and older versions of Office by the remaining two bulletins. Of the bulletins, the following are rated as Critical: MS10-006, MS10-007, MS10-008, MS10-013, and MS10-015.

Those that know me, know that I highly suggest that folks use Firefox due to the lack if Active-X and it’s related vulnerabilities, as well as the extension system which has been very helpful; NoScript, Adblock Plus, MyWOT, and so many more wonderful extensions.

And then there is the outright annoyance of HTML 5 and NO H.264 support in Firefox 3.6

Just when HTML 5 is finally breaking ground…We have Firefox 3.6, which supports HTML 5, but which is also a step backward in compatibility with video sites?! Huh?!

What good is HTML 5 support in Firefox if they take away H.264 support?! I understand ADDING Ogg Theora support, but removing H.264 support?

I applaud YouTube, Vimeo, Blip.TV, etc. (hopefully Hulu too), for going to a more open standard like HTML 5 (instead of Flash) for their delivery method of their video content, but they are staying with the same H.264 codec for the videos themselves.

So, why would Firefox, at this particular juncture, remove the ability to play H.264 from Firefox so all their Firefox 3.6 users (even on a computer with the proper codecs installed) get greeted with this:

Firefox 3.6 and YouTube HTML 5 breakage

Or is Flash the ONLY way to get H.264 compatibility?! Which would really stink big time.

I predict, sadly that many will move from Firefox to other browsers as their main browser due to this major annoyance to browsers such as Google Chrome, or Safari who also support HTML 5 but also support H.264.

I am very disappointed about this. And the only way to get around this is what to stay with Firefox? Stay with Firefox 3.5.7? Brilliant move Mozilla. And this from a Firefox user who has been thrilled with Firefox all the way since before it was Firefox in the Beta days. *Sigh*

Me? I don’t know. For general surfing, Firefox with the security addons that I use and other addons that make life easier, I may stay with Firefox. But now I will have to look elsewhere for video rendering of H.264 on all the video sites?!

More…

Oh, and apparently there may be some malware that is currently corrupting DNS or redirecting results for any of the built-in or toolbar search engines in both Firefox and Internet Explorer.

I am not sure which combination appears to do it, but one client got hit by malware (and removed it with Malwarebytes Antimalware), and found that even after the malware was gone — and BTW the host file was clean — they would get misdirected to bogus sites if they used the built-in search engine for Google or use the Yahoo Toolbar in both Firefox or Internet Explorer. However, correct results would happen when going directly to the search engine website like google.com, ixquick.com or yahoo.com. Very interesting.

Buying a new computer? Here’s some great information from Bits from Bill Pytlovany (creator of WinPatrol — great program by the way!) and the article has nothing to do with buying or using WinPatrol. 😉

Did you think I was going to start out by telling you all to install WinPatrol as soon as you opened up your new computer? Guess again. I always try to write my articles from a different point of view and today may not be what you expect.

For the 2nd time I’ve had to return the Dell All-in-One Multi-Touch computer system that I’ve been dreaming about for months. The first unit had to go back because Dell shipped the wrong configuration. The 2nd system had to go back due to internal hardware failure. I should have known something was wrong when I could hear loose parts when I took the computer out of the box.

My point today is take a little time to insure your brand new computer is everything it should be or you may be sorry. Before you install your favorite software on your brand new system I have a few recommendations.

Although these technologies are free for users to view Flash content, etc., the cost to companies to make use of them can be very expensive indeed. If you have ever noted how expensive the Adobe Suite(s) are then you may already know what I mean.

Technologies like Flash, Silverlight and Java can be considered a combination of a container and delivery mechanism for presenting various types of file such as video and audio, etc. in a browser environment.

The video and audio codecs themselves used to present these files can vary. You can see audio files in mp3, m4a, wma, ogg, etc. audio formats, or video files in H.264, Windows Media, Ogg Theora, etc., video formats.

As of this writing, Microsoft is scheduled to release on Jan. 21 an update that fixes the Internet Explorer vulnerability behind the recent, highly publicized cyberattacks on Google and other major corporations.

Be sure to get your IE (Internet Explorer) update through Windows Updates.

If you have, or are using an older version (IE6 or IE7) of Internet Explorer — whether you use Internet Explorer as your default browser or not, make sure to get IE8 (Internet Explorer 8 ) from Microsoft’s website here. The Internet Explorer browser engine is used by many programs and by Windows, so it is very important to keep it updated.

Adrian Kingsley at ZDNet also has an article about the need to update your Internet Explorer browser to the latest version and answers the question whether to dump IE and to make sure you get other updates (Flash, etc.) that are equally important here.

I personally keep all my browsers updated to the latest version and all my Internet facing supporting programs like Flash, Java, Quicktime, etc. Even so, I generally use Mozilla Firefox as my default browser. I like the Extensions for Firefox that help make it more useful and secure.